More Web Proxy on the site http://driver.im/

abstract

Factoring User Experience into the Security and Privacy Design of Smart Home Devices: A Case Study

Authors:

George Chalhoub,

Norbert Nthala,

Ruba Abu-Salma,

Elie TomAuthors Info & Claims

CHI EA '20: Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems

Pages 1 - 9

https://doi.org/10.1145/3334480.3382850

Published: 25 April 2020 Publication History

Abstract

Smart home devices are growing in popularity due to their functionality, convenience, and comfort. However, they are raising security and privacy concerns for users who may have very little technical ability. User experience (UX) focuses on improving user interactions, but little work has investigated how companies factor user experience into the security and privacy design of smart home devices as a means of addressing these concerns. To explore this in more detail, we designed and conducted six in-depth interviews with employees of a large smart home company in the United Kingdom. We analyzed the data using Grounded Theory, and found little evidence that UX is a consideration for the security design of these devices. Based on the results of our study, we proposed user-centered design guidelines and recommendations to improve data protection in smart homes.

References

[1]

Statista. 2020. Smart Home - worldwide | Statista Market Forecast. (Jan. 2020). https://www.statista. com/outlook/279/100/smart-home/worldwide

[2]

Noura Abdi, Kopo M. Ramokapane, and Jose M. Such. 2019. More than Smart Speakers: Security and Privacy Perceptions of Smart Home Personal Assistants. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019).

[3]

Noura Aleisa and Karen Renaud. 2017. Privacy of the Internet of Things: A systematic literature review. In Proceedings of the 50th Hawaii International Conference on System Sciences.

[4]

Noah Apthorpe, Dillon Reisman, and Nick Feamster. 2017. A smart home is no castle: Privacy vulnerabilities of encrypted iot traffic. arXiv preprint arXiv:1705.06805 (2017).

[5]

Parks Associates. 2019. Parks Associates: Privacy concerns increasing among smart home device owners. (Oct. 2019).

[6]

Daniel Bastos, Fabio Giubilo, Mark Shackleton, and Fadi El-Moussa. 2018. GDPR Privacy Implications for the Internet of Things.

[7]

Johanna Bergman and Isabelle Johansson. 2017. The user experience perspective of Internet of Things development. (2017).

[8]

Johanna Bergman, Thomas Olsson, Isabelle Johansson, and Kirsten Rassmus-Gröhn. 2018. An exploratory study on how Internet of Things developing companies handle User Experience Requirements. In International Working Conference on Requirements Engineering: Foundation for Software Quality. Springer, 20--36.

[9]

Dennis Basil Bromley and Dennis Basil Bromley. 1986. The case-study method in psychology and related disciplines. Wiley Chichester.

[10]

Matt Burgess. 2018. The IoT's security nightmare will never end. You can now search insecure cameras by address. Wired UK (Nov. 2018). https://www.wired.co.uk/article/internet-of-things-security-camera-search-location

[11]

William Buxton and Richard Sniderman. 1980. Iteration in the design of the human-computer interface. In proceedings of the 13th Annual Meeting of the Human Factors Association of Canada, Vol. 7281. 37.

[12]

Lee A. Bygrave. 2017. Data protection by design and by default: Deciphering the EU's legislative requirements. Oslo Law Review 4, 02 (2017), 105--120.

[13]

Charles F. Cannell, Peter V. Miller, and Lois Oksenberg. 1981. Research on interviewing techniques. Sociological methodology 12 (1981), 389--437.

[14]

Isis Chong, Aiping Xiong, and Robert W. Proctor. 2019. Human factors in the privacy and security of the internet of things. Ergonomics in Design 27, 3 (2019), 5--10.

[15]

Paul Dunphy, John Vines, Lizzie Coles-Kemp, Rachel Clarke, Vasilis Vlachokyriakos, Peter Wright, John McCarthy, and Patrick Olivier. 2014. Understanding the experience-centeredness of privacy and security technologies. In Proceedings of the 2014 New Security Paradigms Workshop. ACM, 83--94.

Digital Library

[16]

Ivan Flechais, M. Angela Sasse, and Stephen Hailes. 2003. Bringing security home: A process for developing secure and usable systems. In Proceedings of the 2003 workshop on New security paradigms. ACM, 49--57.

Digital Library

[17]

Jesse James Garrett. 2010. The elements of user experience: user-centered design for the web and beyond. Pearson Education.

[18]

Christine Geeng and Franziska Roesner. 2019. Who's In Control?: Interactions In Multi-User Smart Homes. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. ACM, 268.

Digital Library

[19]

Leo A. Goodman. 1961. Snowball sampling. The annals of mathematical statistics (1961), 148--170.

[20]

Seda Gürses, Carmela Troncoso, and Claudia Diaz. 2015. Engineering privacy by design reloaded. In Amsterdam Privacy Conference. 1--21.

[21]

Marc Hassenzahl, Sarah Diefenbach, and Anja Göritz. 2010. Needs, affect, and interactive products--Facets of user experience. Interacting with computers 22, 5 (2010), 353--362.

[22]

Marc Hassenzahl and Noam Tractinsky. 2006. User experience-a research agenda. Behaviour & information technology 25, 2 (2006), 91--97.

[23]

Lassi A. Liikkanen, Harri Kilpiö, Lauri Svan, and Miko Hiltunen. 2014. Lean UX: the next generation of user-centered agile development?. In Proceedings of the 8th Nordic Conference on Human-Computer Interaction: Fun, Fast, Foundational. ACM, 1095--1100.

Digital Library

[24]

Kuo-Yi Lin, Chen-Fu Chien, and Rhoann Kerh. 2016. UNISON framework of data-driven innovation for extracting user experience of product design of wearable devices. Computers & Industrial Engineering 99 (2016), 487--502.

Digital Library

[25]

Robert C. Martin. 2002. Agile software development: principles, patterns, and practices. Prentice Hall.

[26]

John McCarthy and Peter Wright. 2007. Technology as experience. MIT press.

Digital Library

[27]

Sharan B. Merriam. 1988. Case study research in education: A qualitative approach. Jossey-Bass.

[28]

Sharan B. Merriam. 1998. Qualitative Research and Case Study Applications in Education. Revised and Expanded from" Case Study Research in Education.". ERIC.

[29]

Gabe Morazan. 2019. What Is Privacy UX? (May 2019). https://www.cmswire.com/digital-experience/what-is-privacy-ux/

[30]

Jack Narcotta. 2018. Smart Home Surveillance Camera Market Analysis and Forecast. (April 2018).

[31]

Razvan Nicolescu, Michael Huth, Petar Radanliev, and David De Roure. 2018. State of The Art in IoT-Beyond Economic Value. London. (2018).

[32]

Norbert Nthala and Ivan Flechais. 2018. Informal support networks: An investigation into home data security practices. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018). 63--82.

[33]

Jeungmin Oh and Uichin Lee. 2015. Exploring UX issues in Quantified Self technologies. In 2015 Eighth International Conference on Mobile Computing and Ubiquitous Networking (ICarnegie Mellon University). 53--59. Mellon University.2015.7061028

[34]

Helena Holmström Olsson, Jan Bosch, and Brian Katumba. 2016. User Dimensions in 'Internet of Things' Systems: The UDIT Model. In Software Business (Lecture Notes in Business Information Processing), Andrey Maglyas and Anna-Lena Lamprecht (Eds.). Springer International Publishing, Cham, 161--168.

[35]

Janice Redish and Carol Barnum. 2011. Overlap, influence, intertwining: The interplay of UX and technical communication. Journal of Usability Studies 6, 3 (2011), 90--101.

Digital Library

[36]

Claire Rowland and Martin Charlier. 2015. User Experience Design for the Internet of Things. O'Reilly Media.

[37]

Claire Rowland, Elizabeth Goodman, Martin Charlier, Ann Light, and Alfred Lui. 2015. Designing connected products: UX for the consumer Internet of Things. "O'Reilly Media, Inc.".

Digital Library

[38]

F. B. Shava and D. Van Greunen. 2013. Factors affecting user experience with security features: A case study of an academic institution in Namibia. In 2013 Information Security for South Africa. 1--8.

[39]

Anselm Strauss and Juliet M. Corbin. 1997. Grounded theory in practice. Sage.

[40]

Jitesh Ubrani, Ramon Llamas, and Michael Shirer. 2019. Double-Digit Growth Expected in the Smart Home Market, Says IDC. (March 2019). https://www.idc.com/getdoc.jsp?containerId=prUS44971219

[41]

Paul Voigt and Axel Von dem Bussche. 2017. The eu general data protection regulation (gdpr). A Practical Guide, 1st Ed., Cham: Springer International Publishing (2017).

[42]

Elizabeth Wolfe and Brian Ries. 2019. Ring camera: A hacker accessed a family's security camera told their 8-year-old daughter he was Santa Claus - CNN. (Dec. 2019). https://edition.cnn.com/2019/12/12/tech/ring-security-camera-hacker-harassed-girl-trnd/index.html

[43]

Teng Xu, James B. Wendt, and Miodrag Potkonjak. 2014. Security of IoT systems: Design challenges and opportunities. In Proceedings of the 2014 IEEE/ACM International Conference on Computer-Aided Design. IEEE Press, 417--423.

Digital Library

[44]

Robert K. Yin. 2017. Case study research and applications: Design and methods. Sage publications.

[45]

Eric Zeng and Franziska Roesner. 2019. Understanding and improving security and privacy in multi-user smart homes: A design exploration and in-home user study. In 28th USENIX Security Symposium (USENIX Security 19). 159--176.

[46]

Kai Zhao and Lina Ge. 2013. A survey on the internet of things security. In 2013 Ninth international conference on computational intelligence and security. IEEE, 663--667.

Digital Library

[47]

Serena Zheng, Noah Apthorpe, Marshini Chetty, and Nick Feamster. 2018. User perceptions of smart home IoT privacy. Proceedings of the ACM on Human-Computer Interaction 2, CSCW (2018), 200.

Digital Library

[48]

Mary Ellen Zurko. 2005. User-centered security: Stepping up to the grand challenge. In 21st Annual Computer Security Applications Conference (ACSAC'05). IEEE, 14--pp.

Digital Library

Cited By

Marialva Yvano MColeti TDella Mura WFioravante CMoreira de Souza MAmadeu Teixeira LMorandini M(2024)Towards the access to information regarding the Personal Data Handling: A proposal for improvement and simplification of Privacy and Security PoliciesProceedings of the XXIII Brazilian Symposium on Human Factors in Computing Systems10.1145/3702038.3702078(1-11)Online publication date: 7-Oct-2024
https://dl.acm.org/doi/10.1145/3702038.3702078
Vats TSailaja NAnselmo Polido Lopes F(2024)Exploration of User Perspectives around Software and Data-Related Challenges Associated with IoT Repair and Maintenance against Obsolescence: User Study on Software and Data Interactions and Considerations for IoT Repair and Maintenance against ObsolescenceProceedings of the 13th Nordic Conference on Human-Computer Interaction10.1145/3679318.3685383(1-17)Online publication date: 13-Oct-2024
https://dl.acm.org/doi/10.1145/3679318.3685383
Norval CSingh J(2024)A Room With an Overview: Toward Meaningful Transparency for the Consumer Internet of ThingsIEEE Internet of Things Journal10.1109/JIOT.2023.331836911:5(7583-7603)Online publication date: 1-Mar-2024
https://doi.org/10.1109/JIOT.2023.3318369
Show More Cited By

Index Terms

Factoring User Experience into the Security and Privacy Design of Smart Home Devices: A Case Study
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. Empirical studies in HCI
    2. HCI design and evaluation methods
      1. User studies
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Usability in security and privacy

Recommendations

The UX of Things: Exploring UX Principles to Inform Security and Privacy Design in the Smart Home
CHI EA '20: Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems

Smart home devices have been successful in fulfilling functional requirements but have often failed at incorporating user-centric security and privacy. This research project addresses the problem of security and privacy in the smart home through the lens ...
“It did not give me an option to decline”: A Longitudinal Analysis of the User Experience of Security and Privacy in Smart Home Products
CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

Smart home products aren’t living up to their promise. They claim to transform the way we live, providing convenience, energy efficiency, and safety. However, the reality is significantly less profound and often frustrating. This is particularly ...
User Perceptions of Smart Home IoT Privacy

Smart home Internet of Things (IoT) devices are rapidly increasing in popularity, with more households including Internet-connected devices that continuously monitor user activities. In this study, we conduct eleven semi-structured interviews with smart ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CHI EA '20: Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems

April 2020

4474 pages

ISBN:9781450368193

DOI:10.1145/3334480

General Chairs:
Regina Bernhaupt
Eindhoven University of Technology, Netherlands
,
Florian 'Floyd' Mueller
Monash University, Australia
,
David Verweij
Newcastle University, UK
,
Josh Andres
RMIT, Australia
,
Program Chairs:
Joanna McGrenere
University of British Columbia, Canada
,
Andy Cockburn
University of Canterbury, New Zealand
,
Ignacio Avellino
University of Maryland Baltimore County, USA
,
Alix Goguey
Grenoble Alpes University, France
,
Pernille Bjørn
University of Copenhagen, Denmark
,
Shengdong (Shen) Zhao
National University of Singapore, Singapore
,
Briane Paul Samson
Future University Hakodate, Japan & De La Salle University, Philippines
,
Rafal Kocielnik
University of Washington, USA

Copyright © 2020 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 April 2020

Check for updates

Author Tags

Qualifiers

Abstract

Conference

CHI '20

Sponsor:

SIGCHI

CHI '20: CHI Conference on Human Factors in Computing Systems

April 25 - 30, 2020

HI, Honolulu, USA

Acceptance Rates

Overall Acceptance Rate 6,164 of 23,696 submissions, 26%

Upcoming Conference

CHI 2025

Sponsor:
sigchi

ACM CHI Conference on Human Factors in Computing Systems

April 26 - May 1, 2025

Yokohama , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
1,105
Total Downloads

Downloads (Last 12 months)162
Downloads (Last 6 weeks)11

Reflects downloads up to 16 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Marialva Yvano MColeti TDella Mura WFioravante CMoreira de Souza MAmadeu Teixeira LMorandini M(2024)Towards the access to information regarding the Personal Data Handling: A proposal for improvement and simplification of Privacy and Security PoliciesProceedings of the XXIII Brazilian Symposium on Human Factors in Computing Systems10.1145/3702038.3702078(1-11)Online publication date: 7-Oct-2024
https://dl.acm.org/doi/10.1145/3702038.3702078
Vats TSailaja NAnselmo Polido Lopes F(2024)Exploration of User Perspectives around Software and Data-Related Challenges Associated with IoT Repair and Maintenance against Obsolescence: User Study on Software and Data Interactions and Considerations for IoT Repair and Maintenance against ObsolescenceProceedings of the 13th Nordic Conference on Human-Computer Interaction10.1145/3679318.3685383(1-17)Online publication date: 13-Oct-2024
https://dl.acm.org/doi/10.1145/3679318.3685383
Norval CSingh J(2024)A Room With an Overview: Toward Meaningful Transparency for the Consumer Internet of ThingsIEEE Internet of Things Journal10.1109/JIOT.2023.331836911:5(7583-7603)Online publication date: 1-Mar-2024
https://doi.org/10.1109/JIOT.2023.3318369
Chalhoub GKraemer MFlechais I(2024)Useful shortcutsInternational Journal of Human-Computer Studies10.1016/j.ijhcs.2023.103177182:COnline publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1016/j.ijhcs.2023.103177
Fischer-Hübner SKaregar FFischer-Hübner SKaregar F(2024)Overview of Usable Privacy Research: Major Themes and Research DirectionsThe Curious Case of Usable Privacy10.1007/978-3-031-54158-2_3(43-102)Online publication date: 20-Mar-2024
https://doi.org/10.1007/978-3-031-54158-2_3
Patterson LWelch INg BChard S(2023)Investigating Cybersecurity Risks and the Responses of Home Workers in Aotearoa New ZealandProceedings of the 35th Australian Computer-Human Interaction Conference10.1145/3638380.3638385(99-107)Online publication date: 2-Dec-2023
https://dl.acm.org/doi/10.1145/3638380.3638385
Flechais IChalhoub G(2023)Practical Cybersecurity Ethics: Mapping CyBOK to Ethical ConcernsProceedings of the 2023 New Security Paradigms Workshop10.1145/3633500.3633505(62-75)Online publication date: 18-Sep-2023
https://dl.acm.org/doi/10.1145/3633500.3633505
Lenhart APark SZimmer MVitak J(2023)"You Shouldn't Need to Share Your Data": Perceived Privacy Risks and Mitigation Strategies Among Privacy-Conscious Smart Home Power UsersProceedings of the ACM on Human-Computer Interaction10.1145/36100387:CSCW2(1-34)Online publication date: 4-Oct-2023
https://dl.acm.org/doi/10.1145/3610038
Lewis BRanalli TGourley AKirupaharan PVenkatasubramanian K(2023)"I... caught a person casing my house... and scared him off:" The Use of Security-Focused Smart Home Devices by People with DisabilitiesProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581007(1-16)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581007
Shere ANurse JMartin A(2023)Threats to Journalists from the Consumer Internet of ThingsProceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media10.1007/978-981-19-6414-5_17(303-326)Online publication date: 8-Mar-2023
https://doi.org/10.1007/978-981-19-6414-5_17
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents